[PATCH 2/2] input: Fix crash when SDP record isn't available

Linux bluetooth development
 help / color / mirror / Atom feed

* [PATCH 2/2] input: Fix crash when SDP record isn't available
@ 2013-12-07 14:53 Bastien Nocera
  2013-12-07 17:52 ` Johan Hedberg
  0 siblings, 1 reply; 4+ messages in thread
From: Bastien Nocera @ 2013-12-07 14:53 UTC (permalink / raw)
  To: linux-bluetooth


On startup, if the SDP cache has been removed but the pairing
information is still present, we'd crash trying to access inside a
NULL record struct.
---
 profiles/input/device.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/profiles/input/device.c b/profiles/input/device.c
index 521aca8..62f6dbb 100644
--- a/profiles/input/device.c
+++ b/profiles/input/device.c
@@ -811,6 +811,9 @@ static struct input_device *input_device_new(struct btd_service *service)
 	struct input_device *idev;
 	char name[HCI_MAX_NAME_LENGTH + 1];
 
+	if (!rec)
+		return NULL;
+
 	idev = g_new0(struct input_device, 1);
 	bacpy(&idev->src, btd_adapter_get_address(adapter));
 	bacpy(&idev->dst, device_get_address(device));
-- 
1.8.4.2



^ permalink raw reply related	[flat|nested] 4+ messages in thread

* Re: [PATCH 2/2] input: Fix crash when SDP record isn't available
  2013-12-07 14:53 [PATCH 2/2] input: Fix crash when SDP record isn't available Bastien Nocera
@ 2013-12-07 17:52 ` Johan Hedberg
  2013-12-07 21:45   ` Bastien Nocera
  0 siblings, 1 reply; 4+ messages in thread
From: Johan Hedberg @ 2013-12-07 17:52 UTC (permalink / raw)
  To: Bastien Nocera; +Cc: linux-bluetooth

Hi Bastien,

On Sat, Dec 07, 2013, Bastien Nocera wrote:
> On startup, if the SDP cache has been removed but the pairing
> information is still present, we'd crash trying to access inside a
> NULL record struct.
> ---
>  profiles/input/device.c | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/profiles/input/device.c b/profiles/input/device.c
> index 521aca8..62f6dbb 100644
> --- a/profiles/input/device.c
> +++ b/profiles/input/device.c
> @@ -811,6 +811,9 @@ static struct input_device *input_device_new(struct btd_service *service)
>  	struct input_device *idev;
>  	char name[HCI_MAX_NAME_LENGTH + 1];
>  
> +	if (!rec)
> +		return NULL;
> +
>  	idev = g_new0(struct input_device, 1);
>  	bacpy(&idev->src, btd_adapter_get_address(adapter));
>  	bacpy(&idev->dst, device_get_address(device));

I've applied your first patch, but I'd like to understand a bit better
how you'd end up in this situation. Is this accomplishable through BlueZ
APIs or only if one goes and messes with the storage directly? Either
way, is this the best approach or should we consider still creating the
input device but just ignore the bits that depend on the SDP record?

Johan

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH 2/2] input: Fix crash when SDP record isn't available
  2013-12-07 17:52 ` Johan Hedberg
@ 2013-12-07 21:45   ` Bastien Nocera
  2013-12-10  9:08     ` Johan Hedberg
  0 siblings, 1 reply; 4+ messages in thread
From: Bastien Nocera @ 2013-12-07 21:45 UTC (permalink / raw)
  To: Johan Hedberg; +Cc: linux-bluetooth

On Sat, 2013-12-07 at 21:52 +0400, Johan Hedberg wrote:
> Hi Bastien,
> 
> On Sat, Dec 07, 2013, Bastien Nocera wrote:
> > On startup, if the SDP cache has been removed but the pairing
> > information is still present, we'd crash trying to access inside a
> > NULL record struct.
> > ---
> >  profiles/input/device.c | 3 +++
> >  1 file changed, 3 insertions(+)
> > 
> > diff --git a/profiles/input/device.c b/profiles/input/device.c
> > index 521aca8..62f6dbb 100644
> > --- a/profiles/input/device.c
> > +++ b/profiles/input/device.c
> > @@ -811,6 +811,9 @@ static struct input_device *input_device_new(struct btd_service *service)
> >  	struct input_device *idev;
> >  	char name[HCI_MAX_NAME_LENGTH + 1];
> >  
> > +	if (!rec)
> > +		return NULL;
> > +
> >  	idev = g_new0(struct input_device, 1);
> >  	bacpy(&idev->src, btd_adapter_get_address(adapter));
> >  	bacpy(&idev->dst, device_get_address(device));
> 
> I've applied your first patch, but I'd like to understand a bit better
> how you'd end up in this situation. Is this accomplishable through BlueZ
> APIs or only if one goes and messes with the storage directly? Either
> way, is this the best approach or should we consider still creating the
> input device but just ignore the bits that depend on the SDP record?

I rm'ed the file in the cache/ directory. I'm not too fussed about what
the end result actually is, it just shouldn't crash. The same patch with
a warning that you shouldn't fiddle with the cache directory would be
fine as well ;)


^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH 2/2] input: Fix crash when SDP record isn't available
  2013-12-07 21:45   ` Bastien Nocera
@ 2013-12-10  9:08     ` Johan Hedberg
  0 siblings, 0 replies; 4+ messages in thread
From: Johan Hedberg @ 2013-12-10  9:08 UTC (permalink / raw)
  To: Bastien Nocera; +Cc: linux-bluetooth

Hi Bastien,

On Sat, Dec 07, 2013, Bastien Nocera wrote:
> On Sat, 2013-12-07 at 21:52 +0400, Johan Hedberg wrote:
> > Hi Bastien,
> > 
> > On Sat, Dec 07, 2013, Bastien Nocera wrote:
> > > On startup, if the SDP cache has been removed but the pairing
> > > information is still present, we'd crash trying to access inside a
> > > NULL record struct.
> > > ---
> > >  profiles/input/device.c | 3 +++
> > >  1 file changed, 3 insertions(+)
> > > 
> > > diff --git a/profiles/input/device.c b/profiles/input/device.c
> > > index 521aca8..62f6dbb 100644
> > > --- a/profiles/input/device.c
> > > +++ b/profiles/input/device.c
> > > @@ -811,6 +811,9 @@ static struct input_device *input_device_new(struct btd_service *service)
> > >  	struct input_device *idev;
> > >  	char name[HCI_MAX_NAME_LENGTH + 1];
> > >  
> > > +	if (!rec)
> > > +		return NULL;
> > > +
> > >  	idev = g_new0(struct input_device, 1);
> > >  	bacpy(&idev->src, btd_adapter_get_address(adapter));
> > >  	bacpy(&idev->dst, device_get_address(device));
> > 
> > I've applied your first patch, but I'd like to understand a bit better
> > how you'd end up in this situation. Is this accomplishable through BlueZ
> > APIs or only if one goes and messes with the storage directly? Either
> > way, is this the best approach or should we consider still creating the
> > input device but just ignore the bits that depend on the SDP record?
> 
> I rm'ed the file in the cache/ directory. I'm not too fussed about what
> the end result actually is, it just shouldn't crash. The same patch with
> a warning that you shouldn't fiddle with the cache directory would be
> fine as well ;)

Fair enough. I've applied the patch now. Thanks.

Johan

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2013-12-10  9:08 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2013-12-07 14:53 [PATCH 2/2] input: Fix crash when SDP record isn't available Bastien Nocera
2013-12-07 17:52 ` Johan Hedberg
2013-12-07 21:45   ` Bastien Nocera
2013-12-10  9:08     ` Johan Hedberg

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox